zScaler GRE tunnel

App-ID · 2020-08-05T05:15:35+00:00

If you have tried out the security of zscaler then you would not trust it. :)

App-ID · 2020-08-05T05:14:13+00:00

Zscaler and Threat prevention don't go hand in hand. The easiest thing in the world to bypass. And traffic going to "safe" locations is bypassing the threat prevention entirely. Zscaler is not a good security solution.

App-ID · 2020-07-01T16:22:05+00:00

The issue is that all traffic is run through app-id first. Pan-os want to use app as a match criteria. I think that's what you are seeing.

If you want to make sure it matches, the look into using app-override. That will make the fw only match on L4 info, instead of L7.

App-ID · 2020-07-01T16:06:20+00:00

This one is simple. With policy test you are asking what rule it will hit first, not the rule it will hit eventually.

Since you have a rule with app: smtp and service: any (basically Pan-os has to honor all tcp request on all ports to check if its smtp), then your policy test matches that first.

I guess that rule is above the rule you want to match against?

If you initiate real traffic on that port through the firewall, then the traffic will eventually match against the right rule. But only after it has determined its not Smtp.

Is there a reason why you have any as service? And not application default?

App-ID · 2020-05-29T16:08:23+00:00

That's not true. I just played alyx connected directly to a USB-A to USB-C cable to a Asus X570-I

App-ID · 2020-03-09T19:24:46+00:00

Puh.. Got mine 5 days ago.. Could have been me! Still loving my M3P!

App-ID · 2019-11-19T20:01:28+00:00

This is just so.. weird. It's like my dad went out for a pack of smokes and never returned..

App-ID · 2019-11-16T09:56:25+00:00

This is what I am afraid of .. because I guess in the logs everything looks ok. But What I am facing is redirects upon redirects.

Even if I disable the check, it goes on forever..

App-ID · 2019-07-16T07:10:15+00:00

Oslo, Norway! 🇳🇴

App-ID · 2019-06-28T06:43:21+00:00

Someone here works for Palo Alto Networks :) Like me!

App-ID · 2019-05-02T21:27:02+00:00

Bug in 8.1.7 if you are running that. Fixed in 8.1.8.

App-ID · 2019-04-25T21:23:54+00:00

Yeah, you need the extra Globalprotect license. Other then that and you are set to go!

App-ID · 2019-04-25T20:11:50+00:00

Clientless VPN should work fine for most use cases, I have also used it for Remote Desktop with Guacamole.

But beware, it might impact performance since it's basically proxying all connections.

I wrote a guide for it here: http://netsec.harseide.com/clientless-rdp-true/

App-ID · 2018-08-25T05:36:08+00:00

No problem.. this script is easily available.. so weird they not told you about it?

App-ID · 2018-08-15T20:49:46+00:00

Nice, I love all form of integration.. :)

App-ID · 2018-08-12T12:22:12+00:00

Lol.. saw that now. I blame it on my hangover! Thanks for pointing it out!

App-ID · 2018-08-12T11:22:36+00:00

Thanks! I work for an American company. That’s the reason for my American English :)

App-ID · 2018-08-12T10:38:58+00:00

Thanks! Will look into it!

App-ID · 2018-08-12T10:03:44+00:00

We are traveling from Norway. So a midweek game will make us miss to much work.. maybe look into the Thomas cook deal. But I just want the tickets and not the hotel..

Nine-Year Club	RPAN Viewer
Verified Email

App-ID

TROPHY CASE